Hi All Has anyone notice an issue with the Osquery `iptables

Question

Hi All Has anyone notice an issue with the Osquery `iptables` virtual table returning nothing I ve dug into the source code and have a potential theory why this issues exists but also wanted to reach out here incase anyone has seen this gotcha

Pankaj Singh · Answer

try running osquery with root user

oneiroi · Answer

< Pankaj Singh> no difference disappointed

Pankaj Singh · Answer

oh got it

Pankaj Singh · Answer

ubuntu 22 04 version right

Pankaj Singh · Answer

Ubuntu 22 04 iptables uses the iptables nft mode inside it we have to use the iptables legacy mode

Pankaj Singh · Answer

< oneiroi> take this as a reference it worked for me

Pankaj Singh · Answer

seph · Answer

Please ask questions in one place I answered this elsewhere But as Pankaj said you need the iptables compatibility shim